EU internet policy

My Policy Brief on the “Right to be forgotten”

I have uploaded my final report synthesizing the information that I have been exploring over the past few weeks.

The final report and presentation can be accessed here, with additional recommended resources here. There is also a dedicated page at the top on the menu bar.

This policy brief is an overview of the European Union’s proposed policies on digital privacy as announced on January 25, 2012. It has been prepared for the benefit of US business interests as represented by the US Chamber of Commerce

The brief provides the following information:

  • Key facts and goals of the proposed legislation.
  • Assumptions that may have shaped the way proposed legislation is framed.
  • A brief assessment of the proposed legislation’s strengths and its policy gaps.
  • A few suggestions for how an entity like the US Chamber of Commerce can engage with Europe on this matter.

I hope that the report will be useful, and I welcome any comments and feedback.   Although it is my final report on this particular topic, it is certainly not the end of the blog, and I will continue to share my thoughts on various issues related to international affairs, culture,  social media, and other technology related news.


“Right to be forgotten” refresher

In a about a week I will post a short policy brief , which will be an assessment of EU internet policy relating to data privacy.

I will be focusing on one of the documents published on January 25, 2012 when the new data directive was officially unveiled.  I will specifically examine the communication by the European Commission to the European Parliament and Council; and I will make the subject official document available (it’s public domain).  Meanwhile, the European Union’s rationale for the urgency of reform in this area can be seen in this factsheet .

To follow the report, it would also help to reiterate again exactly what is meant by “the right to be forgotten”.  That phrase is actually not mentioned in the official document that I will review, and it is a phrase that really has caught on from analysts and media.   However, it’s meaning was first articulated by Commissioner Viviane Redding, who is Vice-President of the EU’s European Commission and in charge of Justice, Fundamental Rights and Citizenship.  on January 22, 2012 she stated that, “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system”

The legal foundation of such thinking can be found in French law which recognizes le droit a l’oubli i.e. a right to oblivion.  It serves the function of for example allowing rehabilitated criminals to object to publication of evidence of their conviction.

The French legal conception of the right to oblivion can be accessed on Wikipedia (in French):’oubli_num%C3%A9rique#Charte_du_Droit_.C3.A0_l.27oubli_num.C3.A9rique_dans_la_publicit.C3.A9_cibl.C3.A9e

Redding’s 2012 statement to the press can be read in full on the EU site:

Data Privacy & Transatlantic Trade Negotiations

The ‘cultural exception‘ spat between the United States and France is getting most of the attention in the imminent EU-USA transatlantic trade negotiations–known as the Transatlantic Trade & Investment Partnership (TTIP).  However, lookout for data, especially in light of the PRISM revelations, this is something else that could derail the trade talks.  From the Financial Times:

“With all the information we’ve found out in recent days about how easily the US spies on people’s private data I think it will be difficult for the Americans to oppose a strong data protection agreement,” said Hannes Swoboda, leader of the socialist members of the European parliament.

“This issue is very critical for us in Europe . . . there will be growing resistance against an agreement with the US unless there are some clear guarantees form their side that our European principles of data protection are respected.”

Given France’s current hardline stance on cultural representation in the media, the Obama administration might be able to offer some concessions by acquiescing to some of the European concerns on internet data privacy policies.

Europe reacts to the ‘PRISM’ news


Are Silicon Valley companies providing a ‘backdoor’ to the Federal Government to access consumer data?

The latest chatter in internet policy circles is the PRISM story.  PRISM is an alleged program in which the US National Security Agency obtained direct access to the systems of Google, Facebook, Apple and other large internet companies.  All the internet companies have denied knowledge of the program (although there is speculation that even if they knew, they legally can’t admit it).

In the context of the current study I’m working on, I was curious to see what the European reaction to this would be, and the New York Times indicates that they are worried:

Privacy is an emotional issue in Europe, where memories of state-sponsored snooping by communist and fascist regimes still linger.

Privacy is an emotional issue in Europe, where memories of state-sponsored snooping by communist and fascist regimes still linger. And so the revelation Thursday that the U.S. National Security Agency had obtained routine access to e-mail, Web searches and other online data from many of the biggest U.S. Internet companies — whose users stretch far beyond U.S. shores — prompted hand-wringing about America’s moral authority.

“If the U.S. complains about foreign governments spying and then it turns out it is doing the same thing — well, what are you complaining about?” said Yaman Akdeniz, a law professor at Istanbul Bilgi University in Turkey, where anger over restrictions on civil liberties has fueled anti-government protests.

European privacy advocates said Friday that the disclosure of Prism could bolster the push for stricter data protection in the new laws, including a proposed “right to be forgotten,” which would let Internet users scrub unflattering online references to themselves.

There is that “right to be forgotten”  being mentioned again.  PRISM is the sort of thing that I imagine Europeans would think vindicates their position.  Here is the German Chief Data protection public official, giving voice to European worries:

“The U.S. government must provide clarity regarding these monstrous allegations of total monitoring of various telecommunications and Internet services,” said Peter Schaar, German data protection and freedom of information commissioner.

“Statements from the U.S. government that the monitoring was not aimed at U.S. citizens but only against persons outside the United States do not reassure me at all,” he said.

I for one cannot imagine that such news would give leverage to Silicon Valley organizations lobbying in Brussels against stringent internet data protection legislation.

Assumptions on Privacy: It’s meaning and relationship with other rights

As far as internet privacy, everyone uses similar language  and appears to want the same end goal.  Firms like Google and Facebook are arguing that they are supportive of principles of digital privacy like what Europe is advocating.  US-based experts argue that there are many laws in place that amount to online privacy.  Is the issue a philosophical one? Here are some statements to see if any assumptions can be identified:


Ultimately, responsibility for deleting content published online should lie with the person or entity who published it. Host providers store this information on behalf of the content provider and so have no original right to delete the data. Similarly, search engines index any publicly available information to make it searchable. They too have no direct relationship with the original content.


Speaking yesterday at a conference on digital privacy taking place in London, Facebook’s Simon Milner, director of public policy in the UK and Ireland, said: “The right to delete your online data is an important one, the right to erasure is a key principle. However, the right to be forgotten… raises many concerns with regard to the right of others to remember and to freedom of expression. It is important this can be implemented in practice, but as drafted the current proposal risks introducing measures which are both unreasonable and unrealistic.

EU is not impressed:

Reding added: “The European rules [will] apply to every company … which operates in the internal market. The EU is a large market with 500 million citizens. If you want to take advantage of this goldmine, then apply the rules. Facebook and such providers like the one-stop shop. They like the fact that the rules are the same everywhere. There’s no opt-out. This is an internal market regulation. It’s a decision that will be taken by majority rule.”


Viviane Reding, the EU justice commissioner, said: “At present a citizen can request deletion only if [data is] incomplete or incorrect. We want to extend this right to make it stronger in this internet world. The burden of proof shall be on the companies. They will have to show that data is needed.”

So first we see how privacy is not being discussed in isolation, with other rights such as freedom of expression being invoked by Facebook, Incidentally, this freedom of expression online was affirmed by the United Nations in 2012, with online expression being declared a human right.  For Google, they emphasize individual responsibility and ‘ownership’ being emphasized by Google.  Second are different views on the relationship between businesses, enterprises and the government. Reding’s frame is that the individual should be protected from unreasonable private sector practices.  That businesses should conform to US Law.

A 2004 report published in The Yale Law Journal explores the philosophical conceptions between privacy in Europe and USA.  The argument presented is that, “American law shows a far greater sensitivity to intrusions on the part of the state, while continental [European] law shows a far greater sensitivity to the protection of one’s public face.” (my emphasis)

My initial reaction to this is that while American’s may be hostile to state involvement, there is a tendency to enable contract law.  One can read about this in detail in the book Liberalizing the European Media, by Shalini Venturelli, Professor of International Communication at American University.  In one of her chapters, Venturelli details how privatization of law, state, constitutional law and public goods have forced the balance of content regulation regimes heavily in favor of  pre-political contract law as favored by global corporations.  Efforts at legislating a right to be forgotten might be a potential schism in the intellectual property rights regime between European legislators, and powerful US-based multinational corporations (along with their sympathetic American legal intelligentsia) –at least as far as data privacy is concerned.

Who ‘owns you’ on the internet?

right to be forgotten


When you post a photo of yourself on Facebook, have you ever thought of who owns that photo?  Or better yet, if you are at a party, and your friend posts a photo of you, who really owns that image? Is it you, your friend, the Internet Service Provider, or the platform hosting the photo?

This is one of the many new contentious issues of a global nature that  has been brought about by the internet, whose development has outpaced international legislation (other issues include the digital divide, broadband access, net neutrality, and global governance of the internet).

The EU sides with the individual on this one, as seen in their their proposed data protection directive, which is intended to be an important component of EU privacy/human rights.

US-based Silicon valley cooperations are against this legislation, and are lobbying hard against it through the US government and the US Chamber of commerce.

Can ownership simultaneous infringe on others freedom of speech or expression? Think of it in an online context.  This is a messy issue–especially in the era of big data.



The Role of Culture in Communications Policy

As I begin my review of European internet policy, I wonder to what extent culture is a precursor to the technical and legal aspects to internet governance in Europe. It is generally thought that European’s tend to be more statist in their public policy, while the United States is more hostile to regulation.   This is not just a matter of public policy, but as previous polling has shown, it is also a reflection of cultural attitudes. Post-2012 US Election polling shows divergent views on the role of the individual freedom and an active state:

Individualism also continues to differentiate Americans and Europeans. Most Americans believe individuals largely control their own fate – just 36% agree with the statement “Success in life is pretty much determined by forces outside our control.” However, half or more in Germany, France, and Spain agree with this statement.

Europeans also believe in a very different relationship between the individual and the state. When asked which is more important, that everyone be free to pursue life’s goals without interference from the state, or that the state play an active role in society to guarantee that no one is in need, 58% of Americans choose the former. Majorities across Western and Eastern Europe, on the other hand, say making sure no one is in need should be a bigger priority.

Given the global nature of  the telecommunications industry, and with Silicon Valley is the Mecca of new media corporations, this is a potential flash point between US based tech companies, and European courts.